Bio

I am CTO and co-founder at Cleanlab, where we are building tools for reliable AI.

Previously, I completed my PhD at MIT CSAIL in the PDOS group, where I was advised by Frans Kaashoek and Nickolai Zeldovich. Before that, I was an undergrad at MIT, during which I co-founded Code for Good, helped run HackMIT, and interned at Oak Ridge National Lab, Google, Dropbox, and OpenAI.

Publications

1. Modular Verification of Secure and Leakage-Free Systems: From Application Specification to Circuit-Level Implementation

   Anish Athalye, Henry Corrigan-Gibbs, M. Frans Kaashoek, Joseph Tassarotti, and Nickolai Zeldovich.

   30th ACM Symposium on Operating Systems Principles (SOSP 2024).

   Code [IPR theory, HSMs], Talk, Slides [pdf, key], Poster

2. Verifying Hardware Security Modules with Information-Preserving Refinement

   Anish Athalye, M. Frans Kaashoek, and Nickolai Zeldovich.

   16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2022).

   Code [Knox framework, HSMs], Talk, Slides [pdf, key], Poster

3. Pervasive Label Errors in Test Sets Destabilize Machine Learning Benchmarks

   Curtis G. Northcutt, Anish Athalye, and Jonas Mueller.

   35th Conference on Neural Information Processing Systems (NeurIPS 2021)
   Track on Datasets and Benchmarks.

   Demo, Code, Blog Post, Press [1, 2, 3, …4, 5, 6, 7, 8, 9, 10, 11]

4. Notary: A Device for Secure Transaction Approval

   Anish Athalye, Adam Belay, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.

   27th ACM Symposium on Operating Systems Principles (SOSP 2019).

   Code, Talk, Slides, Poster, Articles [;login:, GetMobile]

5. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

   Anish Athalye*, Nicholas Carlini*, and David Wagner.

   35th International Conference on Machine Learning (ICML 2018).

   (Best Paper Award)

   Code, Poster, Press [1, 2]

6. Synthesizing Robust Adversarial Examples

   Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, and Kevin Kwok.

   35th International Conference on Machine Learning (ICML 2018).

   Blog Posts [1, 2], Slides [pdf, key], Poster, Press [1, 2, 3, …4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]

7. Black-box Adversarial Attacks with Limited Queries and Information

   Andrew Ilyas*, Logan Engstrom*, Anish Athalye*, and Jessy Lin*.

   35th International Conference on Machine Learning (ICML 2018).

   Code, Blog Posts [1, 2], Poster, Press [1, 2, 3, …4, 5, 6, 7, 8, 9]

8. pASSWORD tYPOS and How to Correct Them Securely

   Rahul Chatterjee, Anish Athalye, Devdatta Akhawe, Ari Juels, and Thomas Ristenpart.

   37th IEEE Symposium on Security and Privacy (SP 2016).

   (Distinguished Student Paper Award)

   Code, Press [1, 2]

Short Papers

1. The K2 Architecture for Trustworthy Hardware Security Modules

   Anish Athalye, M. Frans Kaashoek, Nickolai Zeldovich, and Joseph Tassarotti.

   1st Workshop on Kernel Isolation, Safety and Verification (KISV 2023).

   Slides [pdf, key], Poster

2. Leakage models are a leaky abstraction: the case for cycle-level verification of constant-time cryptography

   Anish Athalye, M. Frans Kaashoek, Nickolai Zeldovich, and Joseph Tassarotti.

   1st Workshop on Programming Languages and Computer Architecture (PLARCH 2023).

   Code, Slides [pdf, key]

3. rtlv: push-button verification of software on hardware

   Noah Moroze, Anish Athalye, M. Frans Kaashoek, and Nickolai Zeldovich.

   5th Workshop on Computer Architecture Research with RISC-V (CARRV 2021).

   Code [1, 2, 3], Talk, Blog Post

4. Evaluating and Understanding the Robustness of Adversarial Logit Pairing

   Logan Engstrom*, Andrew Ilyas*, and Anish Athalye*.

   NeurIPS 2018 Workshop on Security in Machine Learning (SECML 2018).

   Code, Poster

5. On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses

   Anish Athalye* and Nicholas Carlini*.

   The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2018).

   Code [1, 2], Poster

Manuscripts

1. Formally Verifying Secure and Leakage-Free Systems: From Application Specification to Circuit-Level Implementation

   Anish Athalye.

   Ph.D. thesis, Massachusetts Institute of Technology, August 2024.

2. On Evaluating Adversarial Robustness

   Nicholas Carlini, Anish Athalye, Nicolas Papernot, Wieland Brendel, Jonas Rauber, Dimitris Tsipras, Ian Goodfellow, Aleksander Madry, and Alexey Kurakin.

   Repository

Projects

• introduction to data-centric ai — the first-ever course on DCAI
• missing semester — a course on programmer tools
• neural-style — neural style in tensorflow
• porcupine — a fast linearizability checker
• periscope — organize and de-duplicate files without losing data
• dotbot — a tool to bootstrap dotfiles
• git-remote-dropbox — a transparent bridge between git and dropbox
• seashells — pipe shell output to the web
• … and more